The Corporate IS Department is seeking a dynamic and talented Information Security Analyst I.
The Information Security Analyst I assists with the identification, implementation, maintenance, and support of technologies designed to protect the confidentiality, integrity or availability of UHS and affiliates information systems. The ISA works with technical and non-technical staff to insure that deployed technologies are effectively and efficiently providing the intended controls consistent with established policies and procedures. Where appropriate, the ISA trains and supports technical staff in UHS affiliated locations to deploy, manage and support selected technologies. May oversee the technical aspects of tasks assigned to less experienced staff or contractors on projects, systems or applications assigned to the ISA.
Key Responsibilities include:
- Implement and maintain selected information security technologies within guidelines of policies and in keeping with good project management principles.
- Periodically review deployed security technologies to insure that the solutions continue to provide the intended protections efficiently and effectively.
- Identify gaps in protection and recommend solutions to remediate or mitigate the risks associated with the protection gaps.
- Work with staff at all levels in the organization, vendors and contractors to insure protections are effective, efficient and non-disruptive to the appropriate duties, rights and mission of the individuals and the organization(s).
- Adhere to UHS standards of service excellence, professionalism, and integrity while performing duties.
- 1-3 years experience with desktop, server and/or network administration in a mixed computing environment.
- Bachelor’s degree in Computer Science, Information Systems or related field required.
- Excellent communication, interpersonal and project management skills
- Experience using some or all of the following or similar informationsecuritytechnologies:
- Active Directory
- Intrusion detection/prevention systems (IDS/IPS)
- Web filtering
- Vulnerability scanners
- Encryption technologies for data at rest and data in transit
- Mobile device and removable media protection or management systems
- Forensic analysis
- Security Information and Event Management (SIEM) systems
- Common Vulnerabilities and Exposures (CVE )databases
- Device Control
- Familiarity with risk assessment and risk management concepts or processes.
- Working knowledge of various regulatory security requirements – particularly Sarbanes-Oxley (SOX), HIPAA, and HITECH.
- Ability to prioritize multiple tasks and be details oriented.
- An information security certification is a plus -- to demonstrate proficiency and knowledge of information security best practices and concepts.